CVE-2024-55342

A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to a XSS vulnerability.

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/PiranhaCMS/piranha.core	Product
https://sec-fortress.github.io/posts/articles/posts/CVE-2024-55342.html	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:dotnetfoundation:piranha_cms:11.1:*:*:*:*:*:*:*

History

18 Apr 2025, 16:58

Type	Values Removed	Values Added
First Time		Dotnetfoundation Dotnetfoundation piranha Cms
CPE		cpe:2.3:a:dotnetfoundation:piranha_cms:11.1:::::::*
References	~~() https://github.com/PiranhaCMS/piranha.core -~~	() https://github.com/PiranhaCMS/piranha.core - Product
References	~~() https://sec-fortress.github.io/posts/articles/posts/CVE-2024-55342.html -~~	() https://sec-fortress.github.io/posts/articles/posts/CVE-2024-55342.html - Exploit, Third Party Advisory

20 Dec 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-20 19:15

Updated : 2025-04-18 16:58

NVD link : CVE-2024-55342

Mitre link : CVE-2024-55342

CVE.ORG link : CVE-2024-55342

JSON object : View

Products Affected

dotnetfoundation

piranha_cms

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.7 /10